As one might imagine, running a stock exchange is a fairly profitable business. Case in point: the London Stock Exchange (LSE), which earns over $100m a year in profit running one of the world’s most recognizable equities markets.

Most of that profit is, of course, derived from the operations of markets and ancillary market services, such as the distribution of stock information. Yet if you go to the LSE website, you might notice that the exchange has no qualms about making a little bit extra on the side through display advertising.

That wouldn’t be a problem, and it wouldn’t be worth noting, if the ads the LSE served were simply ads. But apparently they’re not always ads.

As reported by the BBC, some of the ads displayed on the LSE website recently have carried malicious payloads, one of which apparently infected a security researcher’s computer with a trojan despite the fact that it had up-to-date antivirus definitions.

According to the BBC, this security researcher’s experience may not be isolated:

Of the 1112 pages that Google scanned on the LSE site over the last 90 days,
363 were found to be hosting malware. The malicious code it found included
scripting exploits and trojans.

The LSE says that ads served by a third party are to blame, and that the situation has since been rectified. But the fact that third party ads on such an important website were compromised begs the question: why do entities like the LSE even display advertising on their websites in the first place?

Sure, on paper, there’s no such thing as a revenue stream not worth dipping one’s toes in, but in reality, it’s hard to imagine that banner ads — particularly those served up by third party ad networks — are really all that meaningful to the LSE’s top line or bottom line.

At the very least, one might suggest that the LSE’s advertising should be limited to ads delivered in-house for corporate partners and sponsors with whom the LSE has broader relationships.

This, of course, would have likely prevented the LSE from putting the integrity of its site in the hands of third party ad networks, which have been a target for hackers and scammers for some time now.

From this perspective, the decision of whether or not to run advertising should boil down to one thing: user experience.

A colleague of mine helps run a popular site in a lucrative niche. The site is very popular, and its primary source of revenue is paid content and events. No advertising is displayed.

I once asked, “Why don’t you just throw up AdSense? You’ll probably make $5,000 a month easy.” His response: an extra $5,000 each month wouldn’t compensate for the degradation of the user experience the ads cause.

Which highlights the question every company that doesn’t rely on advertising should ask before deciding to add advertising to its website: is the revenue from advertising meaningful enough to justify altering the user experience to support them?

In the case of entities like the LSE, chances are that the answer is ‘no‘, regardless of the risk of malicious ads.